The Role of ICT Deployment for National Security by Hakeem Ajijola

advertisement
THE ROLE OF ICT DEPLOYMENT
FOR NATIONAL SECURITY
A presentation by:
Abdul-Hakeem B. D. Ajijola
[email protected], [email protected]
18 May 2010
ENIGERIA
@ the
2010 CONFERENCE
Shehu Musa Yar’adua Centre, Abuja
18 May, 2010
1
FOOD FOR THOUGHT
• In the 21st Century
knowledge
is
arguably the single
most
important
factor of socioeconomic
power,
production
and
development
• The management of intellectual capital
is one of the most critical success
factors of society in its quest for survival
and dominance
• Knowledge is about people
2
NATIONAL SECURITY
• “In the past, national security was
understood, or more appropriately,
misunderstood to be the sole job of the
defense forces on the national frontiers
and of the police inside the country.
Today we know that national security
now assumes a wider dimension
than
ever
before
to
include
EVERYTHING that threatens peace
and tranquility in the society.”
A. Mohammed
3
NATIONAL SECURITY POLICY FORMULATION
National
Defence
Council
General
Security
Appraisal
Committee
National
Security
Council
President
Intelligence
Community
Committee
Joint
Intelligence
Board
Monday,
13 April 2015
ICT & NATIONAL SECURITY
• Pooling and inter-connectivity of the resources
base of security agencies
– Central to this, is the importance of sharing
intelligence and other collaborative
measures
– Intelligence managing process encourages
the systematic exploitation of intelligence
from diverse sources
• National
Security
must
become
Information
Technology
(IT)
driven
5
LEVERAGE ICT’S IN THE NATIONAL SECURITY PROCESS






Need for proper coordination
Minimize duplication of effort and
mishandling of information
Information sharing
Effective integration of data
possible
where
trusted
databases exist
Secure Circulation of Intelligence Products
Keep all abreast of trends and developments
 If the maneuver forces cannot respond adequately to
the intelligence provided then the efforts of the
intelligence providers are in vain
 If good intelligence is not available the decisionmakers and security force only act blindly
Monday,
13 April 2015
NATIONAL SECURITY CHALLENGES
• Consolidating
our
democratic gains
– Stability in the polity
and political process •
• Economic development
and stability
– Transnational organized
crime
– Financial
crime
and
economic sabotage
•
– Vandalization of pipelines•
and oil bunkering
•
– Drugs and related crimes
– Human Trafficking
•
• Upsurge and promotion
of divisive and parochial
sentiments
– Ethnicity,
religious
intolerance and bigotry
Increasing
level
of
insecurity in the country
– Proliferation of illegal
weapons
– Proliferation of small arms
– Activities of militia groups
Civil emergencies
Natural disasters
Epidemics,
extreme
weather conditions etc
Poverty, inequality, poor
governance, global trends
e.g. financial crisis
7

ADDRESSING NATIONAL SECURITY CHALLENGES
• Growing sophistication in security
challenges especially the transnational nature of most and
advances in technology have
more
than
ever
before
underscored the importance of
multi-sectoral,
holistic
and
integral
approach
in
intelligence management
A. Mohammed
8
CHALLENGES OF ICT IN NATIONAL SECURITY
• ICT can abet and/ or be the object of crime
and criminals
• ICT’s facilitate “traditional” crimes and
spawn new types of crimes and criminal
activity
• The ICT security problem is growing in
importance due to several trends
– Volume: The rapidly increasing quantity of
computerized data stored and transmitted
over communication networks
– Value: The increasing value of the data,
both as a marketable commodity and as
representative of value, for example, as in
an electronic funds transfer or an automated
stock exchange transaction
– Privacy Issues: An increasing quantity of
personal information is being collected,
9
stored, and transmitted

CHALLENGE OF CAPACITY GROWTH
Subscriber Data At A Glance • 2001
(Year 2008 - February 2010)
– Connected Lines 866,782
Installed
140,000,000
Telephone Lines
120,000,000
100,000,000
80,000,000
60,000,000
40,000,000
20,000,000
0
– Mobile (GSM) 266,461
Jan '09 (8 years)
– Active Lines 65,514,537
– Installed Capacity
117,292,815
Active
Lines,
– Mobile (GSM) 58,286,444
75,934,2
07 • Feb '10 (13 months later)
– Active Lines 75,934,207
– Installed Capacity
148,835,470
– Mobile (GSM) 67,851,706
Capacity
,
148,835,•
470
Jan '09
Jun '09
Aug '09
Sep '09
Oct '09
Nov '09
Dec '09
Jan '10
Feb '10
160,000,000
10
CHALLENGE OF PERCEPTION: INTERNET CRIME COMPLAINT CENTRE
2008 Internet Crime Complaint Centre Report
1%
1% 1%
1% 1%
3% 1%
United States of
America
United Kingdom
Nigeria
8%
Canada
China
11%
South Africa
Ghana
Spain
72%
Italy
Romania
11
CHALLENGE OF PERCEPTION: MATTERS ARISING
• Do we have the capacities achieve our #3 rating
– Bandwidth,
available
equipment,
support
infrastructure (PHCN), maintenance and human
– the report is specific to the US only == 93% of
complainants came from the US
– Nigeria 419 Scam is now category of crime not always
committed by Nigerian’s
– Many people are involved: Who are they?
• Cyber crime is replacing cultism in our higher
education institutions
– Boys: 419 letter scams
– Girls: online prostitution
• Does perception matter?
• Perception is reality!
– All must doing something
12

CHALLENGE OF CYBERSPACE
• Cyberspace is an environment that does
not exist in the normal physical sense, but
exists as a bio-electronic ecosystem where
people, systems along with abstract
concepts, including software, interact with
each other, which are usually underpinned
by an electronic infrastructure
– Cyberspace is not borderless;
• however,
the
borders
are
seamless to the end user
– Every
country
has
its
own
cyberspace which is defined by its
national infrastructure
– Perpetrators of cyber-crime carry
out their activities in an apparently
seamless
environment,
law
enforcement is constrained by
13
issues of jurisdiction

MOBILE SYSTEMS
• Advances
mobile
“smart
phones” capabilities are making
them
ubiquitous
and
indispensible tools of modern
life
• Double edged sword
– National
Security
can
leverage them
– National
Security
be
• Implication:
compromised by them
• These devices empower people with knowledge –
information which is not always true
• Secure/ encrypted devices are available for the security
conscious
• China has tried to comprehensively monitor Internet
communications with unverified success
14

CLOUD COMPUTING
• Many applications and activities are moving off the
standing/ standard computer onto server farms
accessible through the Internet
• Implications:
• Cheaper
information
appliances which do not
require the PC size or
processing power
• Challenge will be providing
security and ubiquitous
connectivity
to
access
information sitting in the
“cloud”
15
HIGH-SPEED COMMUNICATIONS LINKS
• Increasingly
robust
connectivity
infrastructure
and
cheaper computers are
developing the ability
to
provide
usage
opportunities
“anytime, anywhere”
• Implication:
• Can
Government
monitor infrastructure
it does not own?
• High
associated
costs?
• Such links needed for
growth
16
GAMING: A TREND TO WATCH
• Massively multiplayer and other
online game experience is
gaining
popularity
among
young people
• Social Networking
• Simulations
for
Defense
Training
• Implication:
• Games offer an opportunity for
increased social interaction and
civic engagement among youth
• Games can be time wasters for
otherwise productive youth
• Online-Games have triggered
Murder and Divorce in South
17
Korea

LISTSERV’S: WEAPONS OF MASS MOBILIZATION
• NAIJA IT Professionals Forum
Discussion
List
[email protected]
• MoveOn.org: Leveraging email
as a petition to a hundred or so
friends calling on Congress to
censure Clinton and "move on."
– Initially ignored MoveOn.org
used the list of email
addresses to arrange for
supporters to make personal
visits to congressional field
offices
– The
Obama
Campaign
leveraged the MoveOn.org
phenomena
18
•
•
•
•
TEXT MESSAGING: NEW POLITICAL TOOL?
Demonstrations
in
Iran
organized
by
leveraging SMS, e-mail and Twitter
Seoul, South Korea: Rapidly circulated Text
Messages facilitated spontaneous rally of
400 students gathered to protest the severe
pressures they must endure for the nation's
highly competitive college-entrance exam
Lebanon: Anti-Syria protest were organized
through e-mail and text messaging
drawing together 1 million demonstrators to
demand the withdrawal of Syrian troops and
the resignation of the government
Recent Historical Technology Antecedents:
– Television helped bring down the Berlin Wall
– Fax machine helped protesters organize during
Tiananmen Square protests
– Webcast of the Death of Nena in Iran, 2009
the
19
SMS: THE POOR PERSON'S INTERNET
• Text messaging has been fomenting what some
experts call a "mobile democracy."
– Unmonitored and cheap
– Underground
channel
for
succinct
uncensored speech
– Demonstrators use it to mobilize
protests, dodge authorities, and fire off
political spam
– Helps to engineer collective action at
unprecedented speed
• Philippines in 2002: Black-clad protesters,
summoned together by a single line passed
from phone to phone:
– "Go 2 EDSA [an acronym for a Manila
street]. Wear Blck,“
– Eventually helped topple President Estrada
20
SMS: ADVOCACY AND MOBILIZATION
• South Korean President Roh Moo Hyun may not have been
elected without the help of the Internet and SMS
– "You might not trust what is coming out of the TV,
but you take it seriously when the message comes
from a friend."
• December, 12,000 Chinese workers went on strike against a
supplier of Wal-Mart.
– Not part of a union, mobilized through SMS
• Kuwait, women mobilized in record numbers to rally for the
right to vote
– Protests were more effective because text messaging
allowed Kuwaiti demonstrators to pull young
people out of school and into the streets
• Nigeria Miss World pageant in 2002 protests had text
messaging elements
21

CRITICAL INFRASTRUCTURE
• “those physical and cyber-based systems
essential to the minimum operations of the
economy and government.” Former US President Bill Clinton
– Banking and Finance;
– Electrical Power Systems;
– Emergency and Security Services;
– Gas and Oil Production, Storage and transportation;
– Information and Communication;
– Transportation;
– Water Supply System;
• Not all parts of a critical infrastructure are critical
• Infrastructure interdependencies can be more
critical than the specific infrastructure itself
22
Worms
Web application
attacks
Drive-by downloads
Malware
Social Engineering
Single Point of failure
Targeted DoS
Natural disasters
Denial of Service
Viruses
Phising
Vulnerable servers
Relying too much on one
person
Unprepared for security
incidents
Lack of documentation
Bandwidth exhaustion
Power cuts
High privileged
accounts
Privilege creep
Disgruntled employees
Authentication &
Privilege attacks
Connection downtime
weak passwords
Password
Insecure server rooms
Insecure network
points
Unprotected end
points
Hardware loss
Attacks on
physical systems
Inappropriate password
policy
Network monitoring
Internal attack
Removable media
USB devices
Storage theft
Laptop theft
E-MAIL
Security Threats
SECURITY CHALLENGES
Malicious
Internet
Content
WIKIPEDIA AND INTELLIPEDIA
• An online tool that claims to reveal the identity of organizations
that edit Wikipedia pages has revealed that the CIA was involved
in editing entries.
– Wikipedia Scanner allegedly shows that workers on the
agency's computers made edits to the page of Iran's
president http://news.bbc.co.uk/2/hi/6947532.stm
• The CIA and other U.S. intelligence agencies have created a
computer system that uses software from a popular Internet
encyclopedia site to gather content on sensitive topics from
analysts across the spy community, part of an effort to fix
problems that plagued prewar estimates on Iraq
– The system, dubbed Intellipedia because it is built on opensource software from Wikipedia, was launched earlier this year.
– It already is being used to assemble intelligence
reports on Nigeria and other subjects, according to U.S.
intelligence officials who on Tuesday discussed the initiative in
detail for the first time, Los Angeles Times reports
24

http://english.pravda.ru/world/americas/01-11-2006/85315-Wikipedia%20encyclopedia%20Wikipedi-0
21ST CENTURY WARFARE
• One of the realities of modern
warfare is that computers are as
important as tanks – computer
control the tanks. The U.S.
military has created a new group,
called
Cyber
Command,
to
supporting the information and
communications systems of the
military forces, and in extreme
situations, get involved in a battle by
attacking enemy networks
– President Obama's nominee to
head the Pentagon's new
Cyber Command said the
division would primarily focus on
its
defensive
role…
http://www.esecurityplanet.com/news/article.php/3876796/CyberCommand-Nominee-Says-Focus-Is-Security-Coordination.htm
25
CYBER ESPIONAGE
• Economic espionage: Theft of secrets stored in digital files
affects competitiveness
• Infrastructure attacks:
Assault against Critical
Infrastructure threaten whole populations
• The concept of protecting Nigeria’s “territorial
integrity” must now include Nigeria’s cyber space
Monday,
13 April 2015
“GHOSTNET”
A vast Chinese cyber-espionage network, codenamed
GhostNet, has penetrated 103 countries and infects at
least a dozen new computers every week, according to
researchers http://www.telegraph.co.uk/news/worldnews/asia/china/5071124/Chinas-global-cyberespionage-network-GhostNet-penetrates-103-countries.html
Perpetrators
searched
China allegedly
through the
strategically
contents of
targeted 1,295
those computers
computers in
& other systems
103 countries
on the local
network
Perpetrators
remotely
activated
cameras &
recording
devices:
Recording
meetings
Major “powers”
are believed to
have Cyber
Espionage
Networks &
already have
military
“divisions”
dedicated to
cyber based
warfare
• Son of GhostNet: China-based hacking targets India
government http://arstechnica.com/security/news/2010/04/son-of-ghostnet-china-based-hackingtargets-india-government.ars
Monday,
13 April 2015
LESSONS FROM 9-11
• Disruptions to financial services were due to:
– Loss of life – 70% of the civilians killed worked
in financial services;
– Damage to telecoms & power – the telecoms of
34,000 business & homes were cut off;
– Physical facilities of several key market
participants were destroyed;
– Access restrictions in the aftermath.
• Back-up facilities: Some firms:
– Had no back-up facilities;
– Back-up facilities were too small;
– Back-up facilities were too close & thus
inaccessible or affected by the same damaged
infrastructure;
– Acquired links from different providers,
but the providers used the same paths or
switches for their traffic.
• Need for business continuity plans Testimony28of the
USA-General Accounting Office at the USA House of Representatives

GOVERNMENT COMBATING CYBER CRIME
• Executive (ONSA):
– DfC
– CERT
– Cyber-Forensics
– Other initiatives
• Legislature:
– Draft legislation on Cyber Security and
Information Protection Agency
• Judiciary:
• Review the Evidence Act of the Federal Republic of
Nigeria
–Make provisions for cyber-crimes
–Enable electronic evidence to be admissible
29
in court

ECONOMIC AND FINANCIAL CRIMES COMMISSION (EFCC)
WWW.EFCCNIGERIA.ORG
• Smart software to identify origin and take down scam emails
– Over 800 fraudulent email addresses have been
identified and shut down
– EFCC is fine tuning security modalities and upon full
deployment, the capacity to take down fraudulent emails will increase to 5,000 monthly
• All Telco’s, ISP & Cyber café’s must register their IP details
• October 2008: fifty-eight (58) persons arraigned in
connection with advance fee fraud (419-emails)
• July 2006 had raided 40 Cyber-café’s, seized 200 Computers
as well as impounded 15 Server and Interrogated 5 ISP’s. 5
people had been prosecuted with 2 convictions
• Innovative collaboration to reach the youth Maga (Victim)
No Need Pay http://www.youtube.com/watch?v=EGCnl6O6bnE
• Member G8 24/7 network
30

OTHER PLAYERS COMBATING CYBER CRIME
• UNODC: Capacity Building and Software
• ITU: Cyber Security Work Program to Assist Developing
Countries http://www.itu.int/ITU-D/cyb/cybersecurity
• OIC: Computer Emergency Response Team http://www.oiccert.org/index.html
• NGO: Internet Safety, Security and Privacy Initiative for
Nigeria (ISSPIN) Campaign http://www.pinigeria.org/isspin
– Maga
(Victim) No Need Pay (original)
http://www.youtube.com/watch?v=EGCnl6O6bnE
– Maga
(Victim)
No
Need
Pay
(remix)
http://www.facebook.com/pages/Cobhams-Emmanuel-Asuquo/94090705068?ref=nf
• Professional Associations: Information Systems Security
Association (ISSA) Abuja https://www.issa.org/Chapters/ChapterDirectory.html?Latitude=9.066667&Longitude=7.483333
• Collaboration:
Microsoft,
National
Universities
Commission, Association of Vice Chancellors of Nigerian
Universities, Osun State University, Paradigm Initiative
Nigeria (PIN)
31
ICT & THE NATIONAL SECURITY ESTABLISHMENT MATTER ARISING
•
•
•
•
•
•
•
•
•
•
•
Sharing of Best Practices must become the norm
Piecemeal reform is difficult and often ineffective
Change management process are required
Significant and consistent investment
Customization of interactions based on user needs require
new skill sets and work ethic
Creatively tap into new information sources e.g. online
Foster partnership, cooperation and collaboration by all
stakeholders
Minimize silos of information
Embrace change
Public Private partnerships
• The Private Sector owns the infrastructure
Cyber Forensics capabilities?
32
BE SAFE BE SMART TODAY
Cyber-security
starts with
you protecting yourself
Face book/ Twitter generation
– putting your life on a
billboard
The
first
to
secure,
understand
and
apply
information wins
Monday,
13 April 2015
WAY FORWARD
CERT
COMPUTER
EMERGENCY
RESPONSE
TEAM
CSIRT
COMPUTER
SECURITY
INCIDENT
RESPONSE
TEAM
http://www.oic-cert.org
34
CERT SERVICES
Reactive
Services
• Alerts
&
Warnings
• Incident Handling
• Incident analysis
• Incident
response support
• Incident
response
coordination
• Incident
response on site
• Vulnerability
Handling
• Vulnerability
analysis
• Vulnerability
response
• Vulnerability
response
coordination
Monday,
13 April 2015
Proactive
Services
• Announcements
• Technology
Watch
• Security Audits
or Assessments
• Configuration &
Maintenance of
Security
• Development of
Security Tools
• Intrusion
Detection
Services
• SecurityRelated
Information
Dissemination
Artefact
Handling
• Artefact
analysis
• Artefact
response
• Artefact
response
coordination
Security
Quality
Management
Risk Analysis
• Continuity &
Disaster
Recovery
• Security
Consulting
• Awareness
Building
• Education/
Training
• Product
Evaluation or
Certification
Establish National Security Sector CERT
National
CERTs
National Security
& Sub-Sector
CERTs
CERTs in
• National Security
National
entities
Security
• Stakeholders
Institutions
Develop &
implement CERT • National
Policy
Security
• National Security entities
• Security
entities
Institutions
•Monday,
Stakeholders
13 April 2015
Global
CERTs
CONCLUSION
• Knowledge Mobilisation:
Attitude Predicated on
Knowledge develops mankind, societies and economies
–Trends in ICTs require that National Security establishment
embrace, deploy, exploit and defend ICT
–Knowledge and information are the bedrock of
development
• The user base is evolving and the National Security
establishment and its operatives must evolve also:
–Combining solutions and not simply running after
technology – combinations of hi-tech, low-tech and
no-tech
–National Security operatives are inherently knowledge
workers – Must be empowered accordingly
• National Security like ICT’s are about people
37
Thank you,
for your
attention
[email protected]
Or
[email protected]
38
Download
Related flashcards

Liberalism

46 cards

Liberal parties

74 cards

Media in Kiev

23 cards

Types of organization

26 cards

Daily newspapers

50 cards

Create Flashcards